| 1 |
On Fri, 2006-12-01 at 07:22 -0600, Andrew Gaffney wrote: |
| 2 |
> Steve Long wrote: |
| 3 |
> >>> There'll always be GLSA's to respond to. That's another issue that |
| 4 |
> >>> needs to be handled w/ a slow-moving tree. Are you going to restrict |
| 5 |
> >>> changes in the slow-moving tree only to changes against a GLSA? |
| 6 |
> >> That's what we've said. |
| 7 |
> >> |
| 8 |
> > I don't have a problem with this at all. The slow-moving tree isn't; it's a |
| 9 |
> > release tree. The only question I have, which Stuart also mentioned, is |
| 10 |
> > whether all security updates go thru the GLSA process. |
| 11 |
> |
| 12 |
> Are you asking if all security updates that are done to the release will have |
| 13 |
> gone through the GLSA process? I'd say the answer is yes, since the only updates |
| 14 |
> that will go in the release tree are security updates from GLSAs :P |
| 15 |
|
| 16 |
Actually, we would have to review the process, since not everything that |
| 17 |
gets a security bug ends up with a GLSA. My current loose rule is that |
| 18 |
if it deserves a GLSA, then it deserves and update, but I don't know the |
| 19 |
exact criteria the security team uses to decide if something warrants a |
| 20 |
GLSA or not. |
| 21 |
|
| 22 |
-- |
| 23 |
Chris Gianelloni |
| 24 |
Release Engineering Strategic Lead |
| 25 |
Alpha/AMD64/x86 Architecture Teams |
| 26 |
Games Developer/Council Member/Foundation Trustee |
| 27 |
Gentoo Foundation |
Archives